Google increases security against phishing plugins

From now on it is going to be harder for you to accidentally install malicious plugins, according to Google. The company has made changes to the way Google services handle plugins, introducing warnings and required verification to install plugins and apps. As a result, apps plugging into Google services will be under more scrutiny, and suspicious apps will receive more attention from the company.

A sophisticated phishing worm attacked Google Drives in May by appearing as an invitation to edit a Google document. This triggered the need to increase security against such plugins. Although the app was not controlled by Google, the fact that it was named ‘Google Docs’ tricked users into granting access to their Drives. Once access was granted, the phishing worm sent a new request to itself to all the user’s contacts, allowing the app to spread. The app had reached tens of thousands of users before Google was able to blacklist it.

Compromised and malicious plugins remain a significant security risk for Google and other service platform providers. However, the new changes will hopefully mean a repeat of May’s attack is much less likely to succeed. Could you spot a phishing email?

Protect yourself from attacks

In response to the growing concern over ransomware and malware, IT Governance now provides a scalable solution for staff awareness training. Our ten-minute Phishing and Ransomware – Human patch e-learning course provides an introduction to phishing and ransomware. It explains the threats that ransomware presents to organisations, and details the resources available to help you understand and combat those threats. We also offer a more detailed Phishing Staff Awareness Course.

Our three-day Cyber Health Check is for large organisations. It includes on-site consultancy and audit, remote vulnerability assessments and an online staff survey in order to assess your cyber risk exposure and identify a practical route to minimise your risks. Receive a prioritised action plan for controlling your cyber risks in line with your risk appetite.

Visit our ransomware page to view all the services we offer to help your organisation combat threats.